Hi again and thanks to sai, Marcel Wiget and Chris Buechler for their suggestions...
Sadly I am still stuck!

I tried using the following rule:

Interface  Source            Destination       Target
WAN        192.168.128.0/17  ! 192.168.2.0/24  *

this enables Internet, but not the WAN/LAN communication

I also tried this rule instead:

WAN        192.168.0.0/16    ! 192.168.0.0/16  *

and also:

WAN        192.168.0.0/16    *                 *

without any more success :(

The response packets are still being filtered!!!

I am using 1.3b13 by the way, but 1.3b04 was having the same symptoms...

Yannick

Marcel Wiget wrote:
> well, the trick is to create the NAT rules in a way that they catch
> all traffic except the ones from your box to your LAN network
> 192.168.128.0/17.
> If box is the only host in question here, add a NAT rule that matches
> your LAN as the source and _not_ your box's IP address.
>
> Marcel
>
> On Wed, Jul 23, 2008 at 3:29 PM, Yannick Bréhon <y dot brehon at qiplay dot com> wrote:
>> Well, as soon as I activate NAT service as you suggested, connectivity
>> disappears. I tried activating NAT for destination "!192.168.0.0/16" but
>> then my Internet disappears... This is *really* weird :(
>> I seem to have to choose: Internet or local connectivity ...
>>
>> Marcel Wiget wrote:
>>> to get NAT service, you need to add now static outbound NAT rules on
>>> the WAN interface so that traffic with source address from your LAN is
>>> properly NAT'd while traffic from your box to the LAN isn't.
>>>
>>> I use a setup with 3 interfaces: WAN, DMZ and LAN and have it set up
>>> so that LAN traffic gets NAT'd thru WAN but not between LAN <-> DMZ.
>>> In this case my static Outbound NAT rule is
>>>
>>> interface: WAN
>>> Source: 192.168.1.0/24 (my LAN subnet)
>>> Destination: *
>>> Target: *
>>>
>>> hope this helps
>>>
>>> On Wed, Jul 23, 2008 at 2:00 PM, Yannick Bréhon <y dot brehon at qiplay dot com> wrote:
>>>> OK, we are starting to get some motion...
>>>> I did what you suggested, and as far as allowing cross communication
>>>> between LAN and WLAN, it worked! But of course now the problem is that I
>>>> can't get on the Internet any more from behind the m0n0... (the entire
>>>> problem comes from my DSL modem which is not a full-fledged router and
>>>> cannot be given static routes, thus the need for m0n0 NATting when going
>>>> outbound).
>>>> Any further suggestions so as to get the same outcome *without* turning
>>>> off NAT? In particular, I don't understand why incoming connections are
>>>> let through, create a firewall state, but return packets are filtered
>>>> (despite "all-pass" rules) ?!
>>>>
>>>> Manuel Kasper wrote:
>>>>> On Jul 23, 2008, at 11:23 AM, Yannick Bréhon wrote:
>>>>>
>>>>>> OK here it is! Thanks to everyone who might help with this issue!
>>>>> Since it seems that you don't want NAT between LAN and WAN, you need to
>>>>> check the "Enable advanced outbound NAT" option and not define any
>>>>> outbound NAT rules (and remove the existing inbound NAT rules as well).
>>>>> That will effectively cause m0n0wall to become a plain (firewalling)
>>>>> router, with no NAT at all.
>>>>>
>>>>> - Manuel
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
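
An added example, not part of the original thread and not m0n0wall code: a simplified Python model of how the Source and Destination fields of the three outbound NAT rules tried above select traffic, including the negated `!` destination. The host addresses are constructed, and the model assumes a flow is translated when any rule matches on addresses alone (it ignores interface and firewall state), so it shows which flows each rule would translate, not why return packets are dropped.

```python
import ipaddress
from typing import NamedTuple

class Rule(NamedTuple):
    source: str       # CIDR the packet source must fall in
    destination: str  # "*" (any), a CIDR, or "! CIDR" (anything outside it)

def _inside(addr: str, cidr: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def dest_matches(spec: str, dst: str) -> bool:
    spec = spec.strip()
    if spec == "*":
        return True
    if spec.startswith("!"):  # negated match, as in "! 192.168.2.0/24"
        return not _inside(dst, spec[1:].strip())
    return _inside(dst, spec)

def is_natted(rules, src: str, dst: str) -> bool:
    """True if some rule matches. An empty rule list translates nothing,
    which is the "plain router" case Manuel describes."""
    return any(_inside(src, r.source) and dest_matches(r.destination, dst)
               for r in rules)

# The three WAN outbound rules tried in the thread, in the order posted.
ATTEMPTS = {
    "first": [Rule("192.168.128.0/17", "! 192.168.2.0/24")],
    "second": [Rule("192.168.0.0/16", "! 192.168.0.0/16")],
    "third": [Rule("192.168.0.0/16", "*")],
}

# Constructed sample flows (source, destination); the hosts are made up.
FLOWS = {
    "128/17 -> internet": ("192.168.128.10", "203.0.113.5"),
    "128/17 -> 2/24": ("192.168.128.10", "192.168.2.50"),
    "2/24 -> 128/17": ("192.168.2.50", "192.168.128.10"),
}

def nat_table() -> dict:
    return {name: {flow: is_natted(rules, *ends) for flow, ends in FLOWS.items()}
            for name, rules in ATTEMPTS.items()}

if __name__ == "__main__":
    for name, row in nat_table().items():
        print(name, row)
```

In this model the first two rules translate only the Internet-bound flow, while the third translates every flow whose source is in 192.168.0.0/16, including traffic between the two private ranges.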